NSA Leak Raises Questions About Background Checks for Information Technology Employees
June 13, 2013
Edward Snowden, the government contractor hired by Booz Allen, says that he leaked information about the National Security Administration’s (NSA) secret cyber-spying program designed to thwart terrorist attacks on the United States because he felt that Americans had a right to know about the program and debate its merits. Whether you agree with Snowden’s motives or not (for the record, I’m not buying it), this breach of Top Secret information should raise concerns among employers about their vulnerability when it comes to projecting sensitive company information.
Before we get started, it is important to note that Snowden probably submitted to the Grand Daddy of all employee background checks by both Booz Allen and the NSA before he was hired and tasked with the IT responsibilities required by his position.Clearly, nothing turned up on that background check. If it had, he wouldn’t have been hired. And even in the aftermath of this mess, no one is claiming that anything was missed.
However, Snowden’s leak is a very public example of what we have been saying for years: because IT employees have the keys to the castle (employee records, emails, financial records, confidential documents), employers need to recognize the vulnerability and perform proper due diligence before these employees are hired. That means stringent criminal records checks, thorough employment and education verifications, reference interviews and credit checks (if they have access to financial records). Basically, the whole nine yards.
Unfortunately as we’ve learned in Snowden’s case, if there is nothing in the person’s past such as a criminal record, an employment background check cannot always predict future behavior. That doesn’t mean that employers should just throw up their hands and throw caution to the wind. After all, a person without a checkered past is far less likely to engage in nefarious activity than someone who has in the past.
Here are some tips for conducting employment background checks on IT candidates:
- Conduct an Address History Search (Social Security Number Trace) to determine where the person has lived and what names they may have used
- Perform a County Criminal Records Check in each county and under each name the person has used to reveal any felonies, misdemeanors and infractions
- Complement your research with a National Criminal Database Search to highlight potential convictions that occurred in other jurisdictions
- Verify Employment History and Academic Credentials
- Contact Professional References– I know, these are usually useless, but you never know
- Consult a Credit Report from any one of three major credit bureaus (if the person has access to sensitive financial records and your state does not preclude you from doing so)